Results 1 to 2 of 2


  1. #1
    Senior Member
    Join Date
    Jan 2002





    April 9, 2002


    In posts to Bugtraq on April 8, Greymagic Software described four
    vulnerabilities in the Office Web Components (OWC) shipped with
    Microsoft Office 2000 and XP. Malicious Website administrators could
    exploit these flaws to verify that local files exist, read those
    local files, gain unauthorized access to your local clipboard, and
    execute unauthorized scripts. There is no direct impact on
    WatchGuard products. Administrators using Office 2000 or XP within
    their network may want to follow the workaround below until patches
    becomes available.


    Office Web Components (OWC) are a group of scripting components used
    to embed Microsoft Office content into Web pages. OWC comes with
    Microsoft Office and is also available as a free download from
    Microsoft's Website.

    On April 8, GreyMagic Software released four advisories concerning
    security vulnerabilities in OWC for Office 2000 and XP:

    1. The first advisory <http://sec.greymagic.com/adv/gm005-ie/>
    concerns a flaw in Office XP's OWC10 that allows a malicious
    Website to execute unauthorized scripts. A hacker could craft a
    Website that, when visited, would execute a dangerous script
    even if you had active scripting disabled. Javascripts and
    VBscripts are often used in viruses to deliver some kind of
    damaging payload. Malicious scripts can cause all sorts of havoc
    on your machine.

    2. The second advisory <http://sec.greymagic.com/adv/gm006-ie/>
    describes a vulnerability in OWC that allows a malicious Website
    to read files on your local system. This vulnerability affects
    both Office 2000's OWC9 and Office XP's OWC10. A hacker could
    craft a malicious Website that, when visited, would read specific
    files on your local hard drive. The hacker would need to know the
    name and location of a file in order to read it. The hacker might
    use this attack to read your sensitive business files or gain
    extra system knowledge for use in further attacks.

    3. The third advisory <http://sec.greymagic.com/adv/gm007-ie/>
    details a flaw in OWC that would give a malicious Website
    unauthorized control over your local clipboard. This
    vulnerability affects both Office 2000's OWC9 and Office XP's
    OWC10. A configurable feature in Internet Explorer (IE) allows
    Websites access to your clipboard. However, GreyMagic has found a
    way to read and write to the clipboard even when the feature is
    disabled. By enticing you to his maliciously crafted Website, a
    hacker could monitor your clipboard in hopes of learning private
    information. However, he is limited to reading only what you copy
    to your clipboard.

    4. The final advisory <http://sec.greymagic.com/adv/gm008-ie/>
    explains multiple flaws in OWC that allows attackers to learn if
    certain files exists on your hard drive. This vulnerability
    affects both Office 2000's OWC9 and Office XP's OWC10. A hacker
    could craft a malicious Website that, when visited, would attempt
    to access a specific file. If this action didn't produce an
    error, the hacker would know the file exists. In itself, this
    vulnerability is fairly useless. However, once a hacker knows a
    certain file exists he could combine this knowledge with the
    second vulnerability and read the contents of that specific file.

    Any of these attacks might also work if sent as an HTML e-mail that
    the intended victim opens.


    As of yet, Microsoft has not made a patch available for this flaw.
    However, you can prevent all four of these vulnerabilities by
    disabling ActiveX controls and plug-ins in IE. Keep in mind, this
    change also prevents other Web components, like Flash, from working.

    To disable ActiveX controls and plug-ins in IE, click Tools =>
    Internet Options => Security tab. Select the Internet Zone and press
    the Custom Level button. Scroll down to the setting "Run ActiveX
    controls and plug-ins" and choose "Disable." Click OK twice and
    you're done.
    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Thanks Zigar!
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts